Overview

overview

10

Static

static

10

JaffaCakes...d4.exe

windows7-x64

10

JaffaCakes...d4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_1278dc9ee6941bbdb8573616ab0226d4

  • Size

    816KB

  • Sample

    250221-n72mpatjz5

  • MD5

    1278dc9ee6941bbdb8573616ab0226d4

  • SHA1

    722fe240bf31480dab63c0e07c0f0851fabf6f2e

  • SHA256

    19f6d6d467e71234c3a75acece750374fbc8a41ea146d79234fa4a0c1b8d2a17

  • SHA512

    e5bc523e9b87924635d68a1975bc333a73b238e5fb94f943d1d56a6c69603a8f1b0b2ffd53be159baf8cf0a332bfec942f615feb86edf63cc3fb36c4bd2bedf0

  • SSDEEP

    12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRt888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tk+

Score
10/10
renamerdiscoverypersistenceworm

Malware Config

Targets

    • Target

      JaffaCakes118_1278dc9ee6941bbdb8573616ab0226d4

    • Size

      816KB

    • MD5

      1278dc9ee6941bbdb8573616ab0226d4

    • SHA1

      722fe240bf31480dab63c0e07c0f0851fabf6f2e

    • SHA256

      19f6d6d467e71234c3a75acece750374fbc8a41ea146d79234fa4a0c1b8d2a17

    • SHA512

      e5bc523e9b87924635d68a1975bc333a73b238e5fb94f943d1d56a6c69603a8f1b0b2ffd53be159baf8cf0a332bfec942f615feb86edf63cc3fb36c4bd2bedf0

    • SSDEEP

      12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRt888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tk+

    Score
    10/10
    renamerdiscoverypersistenceworm

    • Detects Renamer worm.

      Renamer aka Grename is worm written in Delphi.

    • Renamer family

      renamer

    • Renamer, Grenam

      Renamer aka Grenam is a worm written in Delphi.

      wormrenamer

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks